[Interface]
PrivateKey = {{ wg_private_key }}
Address = 192.168.0.1/20
ListenPort = 51820
MTU = {{ wireguard_mtu | default(1380) }}

{% for host in groups['all'] %}
{% if not hostvars[host]['is_primary']|bool %}
[Peer]
PublicKey = {{ hostvars[host]['wg_public_key'] }}
AllowedIPs = {{ hostvars[host]['wireguard_ip'] }}/32, 10.0.0.0/8
Endpoint = {{ hostvars[host]['external_ip'] }}:51820
{% endif %}
{% endfor %}
